I haven't heard from anyone since my last post. Is the general opinion that I should use the LUA interface, write a dissector, use "decode as" with a byte offset (if possible) or some other method? The VPN tunnel is OpenVPN, but I am not yet familiar with the 5 byte header into the encapsulated payload. I guess I could write a simple plugin that doesn't decode the first 5 bytes and then passes the rest of the payload to the IP dissector and all should roll downhill......
Bill
Food fight? Enjoy some healthy debate
in the
Yahoo! Answers Food & Drink Q&A.